Earth vs. The Giant Spider: Amazingly True Stories of Real Penetration Tests brings the SecTor audience the most massive collection of weird, downright bizarre, freaky, and altogether unlikely hacks ever seen in the wild. This talk will focus on complex hacks found in real environments, some in very high-end and important systems, that are unlikely but true. Through stories and demonstrations we will take the audience into a bizarre world where odd business logic flaws get you almost free food [including home shipping], forgotten PBX accounts are used to compromise large financial systems, and security systems are used to hack organizations. The SpiderLabs team delivered more than 2300 penetration tests last year, giving us access to a huge variety of systems and services. We’ve collected a compendium of the coolest and oddest compromises from the previous year to present. Our goal is to show attacks that are effective and, at the same time, not the trivial ones that can be found by automated methods. By the end of this presentation we hope to have the audience thinking differently about the systems and applications that organizations use every day, and how they may be used against them.